[FFmpeg-cvslog] Check for invalid update parameters in vmd video decoder.
Laurent Aimar
git at videolan.org
Sat Oct 1 21:38:48 CEST 2011
ffmpeg | branch: release/0.8 | Laurent Aimar <fenrir at videolan.org> | Sat Sep 24 23:16:18 2011 +0200| [1ed90c84f6ab75af91b08436cefb8ea464f8495b] | committer: Michael Niedermayer
Check for invalid update parameters in vmd video decoder.
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
(cherry picked from commit e7aed1280ea14b60fceae04d71dfd03e1daf2d04)
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1ed90c84f6ab75af91b08436cefb8ea464f8495b
---
libavcodec/vmdav.c | 10 ++++++++++
1 files changed, 10 insertions(+), 0 deletions(-)
diff --git a/libavcodec/vmdav.c b/libavcodec/vmdav.c
index ebc8c7e..d7cd3bb 100644
--- a/libavcodec/vmdav.c
+++ b/libavcodec/vmdav.c
@@ -204,6 +204,16 @@ static void vmd_decode(VmdVideoContext *s)
frame_y = AV_RL16(&s->buf[8]);
frame_width = AV_RL16(&s->buf[10]) - frame_x + 1;
frame_height = AV_RL16(&s->buf[12]) - frame_y + 1;
+ if (frame_x < 0 || frame_width < 0 ||
+ frame_x >= s->avctx->width ||
+ frame_width > s->avctx->width ||
+ frame_x + frame_width > s->avctx->width)
+ return;
+ if (frame_y < 0 || frame_height < 0 ||
+ frame_y >= s->avctx->height ||
+ frame_height > s->avctx->height ||
+ frame_y + frame_height > s->avctx->height)
+ return;
if ((frame_width == s->avctx->width && frame_height == s->avctx->height) &&
(frame_x || frame_y)) {
More information about the ffmpeg-cvslog
mailing list